rpms/java-1.8.0-openjdk
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI java-1.8.0-openjdk-1.8.0.402.b06-2.el9

Browse Source
This commit is contained in:
eabdullin 2024-01-17 20:44:37 +00:00
parent 831e45ebab
commit 2d12046b98
6 changed files with 156 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
2ca27b0d535c9dcf71679cad14be5660d0554f82 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz 0ca0a2433bfd7aa62a21fc37c8079f540e672a9c SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

144
SOURCES/NEWS
View File

@ -3,6 +3,131 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u402 (2024-01-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u402
* CVEs
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952
* Security fixes
- JDK-8308204: Enhanced certificate processing
- JDK-8314284: Enhance Nashorn performance
- JDK-8314295: Enhance verification of verifier
- JDK-8314307: Improve loop handling
- JDK-8314468: Improve Compiler loops
- JDK-8316976: Improve signature handling
- JDK-8317547: Enhance TLS connection support
* Other changes
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
- JDK-8029995: accept yes/no for boolean krb5.conf settings
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
- JDK-8176509: Use pandoc for converting build readme to html
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
- JDK-8207404: MulticastSocket tests failing on AIX
- JDK-8212677: X11 default visual support for IM status window on VNC
- JDK-8239365: ProcessBuilder test modifications for AIX execution
- JDK-8271838: AmazonCA.java interop test fails
- JDK-8285398: Cache the results of constraint checks
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
- JDK-8307837: [8u] Check step in GHA should also print errors
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
- JDK-8315280: Bump update version of OpenJDK: 8u402
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
- JDK-8317291: Missing null check for nmethod::is_native_method()
- JDK-8317373: Add Telia Root CA v2
- JDK-8317374: Add Let's Encrypt ISRG Root X2
- JDK-8318759: Add four DigiCert root certificates
- JDK-8319187: Add three eMudhra emSign roots
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
Notes on individual issues:
===========================
security-libs/org.ietf.jgss:krb5:
JDK-8029995: accept yes/no for boolean krb5.conf settings
=========================================================
The krb5.conf configuration file now also accepts "yes" and "no", as
alternatives to the existing "true" and "false" support, when using
settings that take boolean values.
security-libs/java.security:
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
===============================================================================================================================
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
default of 8MB. This default proved to be too small for some JAR
files. This release, 8u402, increases it to 16MB.
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
=================================================================
The following root certificate has been added to the cacerts
truststore:
Name: Let's Encrypt
Alias Name: letsencryptisrgx2
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
=============================================================
The following root certificates have been added to the cacerts
truststore:
Name: DigiCert, Inc.
Alias Name: digicertcseccrootg5
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicertcsrsarootg5
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlseccrootg5
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlsrsarootg5
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
============================================================================
The following root certificates have been added to the cacerts
truststore:
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag1
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsigneccrootcag3
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag2
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
JDK-8317373: Added Telia Root CA v2 Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:
Name: Telia Root CA v2
Alias Name: teliarootcav2
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
New in release OpenJDK 8u392 (2023-10-17): New in release OpenJDK 8u392 (2023-10-17):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:
@ -52,8 +177,8 @@ Notes on individual issues:
other-libs/corba:idl: other-libs/corba:idl:
8303384: Improved communication in CORBA JDK-8303384: Improved communication in CORBA
======================================== ============================================
The JDK's CORBA implementation now provides the option to limit The JDK's CORBA implementation now provides the option to limit
serialisation in stub objects to those with the "IOR:" prefix. For serialisation in stub objects to those with the "IOR:" prefix. For
ORB constrained stub classes: ORB constrained stub classes:
@ -762,19 +887,6 @@ the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be limit has been reached, then the newly accepted connection will be
closed immediately. closed immediately.
core-libs/java.net:
JDK-8286918: Better HttpServer service
======================================
The HttpServer can be optionally configured with a maximum connection
limit by setting the jdk.httpserver.maxConnections system property. A
value of 0 or a negative integer is ignored and considered to
represent no connection limit. In the case of a positive integer
value, any newly accepted connections will be first checked against
the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be
closed immediately.
security-libs/javax.net.ssl: security-libs/javax.net.ssl:
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
@ -972,7 +1084,7 @@ device paths such as `NUL:` are *not* used.
New in release OpenJDK 8u332 (2022-04-22): New in release OpenJDK 8u332 (2022-04-22):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u332 * https://bitly.com/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
* Security fixes * Security fixes

19
SOURCES/java-1.8.0-openjdk-portable.specfile
View File

@ -267,7 +267,7 @@
# Define version of OpenJDK 8 used # Define version of OpenJDK 8 used
%global project openjdk %global project openjdk
%global repo shenandoah-jdk8u %global repo shenandoah-jdk8u
%global openjdk_revision jdk8u392-b08 %global openjdk_revision jdk8u402-b06
%global shenandoah_revision shenandoah-%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define IcedTea version used for SystemTap tapsets and desktop file # Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 3.15.0 %global icedteaver 3.15.0
@ -597,8 +597,6 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch581: jdk8257794-remove_broken_assert.patch Patch581: jdk8257794-remove_broken_assert.patch
# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files # JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files
Patch12: jdk8186464-rh1433262-zip64_failure.patch Patch12: jdk8186464-rh1433262-zip64_failure.patch
# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
Patch2000: jdk8312489-max_sig_default_increase.patch
############################################# #############################################
# #
@ -869,8 +867,6 @@ pushd %{top_level_dir_name}
%patch1000 -p1 %patch1000 -p1
# system cacerts support # system cacerts support
%patch539 -p1 %patch539 -p1
# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381
%patch2000 -p1
popd popd
# RPM-only fixes # RPM-only fixes
@ -1500,6 +1496,19 @@ done
%{_jvmdir}/%{miscportablearchive}.sha256sum %{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog %changelog
* Thu Jan 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b06-0.1.ea
- Update to shenandoah-jdk8u402-b06 (GA)
- Update release notes for shenandoah-8u402-b06.
- Drop local copy of JDK-8312489 which is now included upstream
- Switch to GA mode.
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
* Tue Dec 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b01-0.1.ea
- Update to shenandoah-jdk8u402-b01 (EA)
- Update release notes for shenandoah-8u402-b01.
- Switch to EA mode.
- Sync NEWS with vanilla branch version.
* Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-1 * Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-1
- Update to shenandoah-jdk8u392-b08 (GA) - Update to shenandoah-jdk8u392-b08 (GA)
- Update release notes for shenandoah-8u392-b08. - Update release notes for shenandoah-8u392-b08.

48
SOURCES/jdk8312489-max_sig_default_increase.patch
View File

@ -1,48 +0,0 @@
commit c38a36f124a7eb28920cc367cb01b67d973a55c0
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Wed Oct 11 01:42:03 2023 +0100
Backport e47a84f23dd2608c6f5748093eefe301fb5bf750
diff --git a/jdk/src/share/classes/java/util/jar/JarFile.java b/jdk/src/share/classes/java/util/jar/JarFile.java
index a26dcc4a1c7..ac2e1c9d6a8 100644
--- a/jdk/src/share/classes/java/util/jar/JarFile.java
+++ b/jdk/src/share/classes/java/util/jar/JarFile.java
@@ -436,7 +436,9 @@ class JarFile extends ZipFile {
throw new IOException("Unsupported size: " + uncompressedSize +
" for JarEntry " + ze.getName() +
". Allowed max size: " +
- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes");
+ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " +
+ "You can use the jdk.jar.maxSignatureFileSize " +
+ "system property to increase the default value.");
}
int len = (int)uncompressedSize;
byte[] b = IOUtils.readAllBytes(is);
diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
index c335e964f63..afdfa406b92 100644
--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
+++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
@@ -855,16 +855,16 @@ public class SignatureFileVerifier {
* the maximum allowed number of bytes for the signature-related files
* in a JAR file.
*/
- Integer tmp = AccessController.doPrivileged(new GetIntegerAction(
- "jdk.jar.maxSignatureFileSize", 8000000));
+ int tmp = AccessController.doPrivileged(new GetIntegerAction(
+ "jdk.jar.maxSignatureFileSize", 16000000));
if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
if (debug != null) {
- debug.println("Default signature file size 8000000 bytes " +
- "is used as the specified size for the " +
- "jdk.jar.maxSignatureFileSize system property " +
+ debug.println("The default signature file size of 16000000 bytes " +
+ "will be used for the jdk.jar.maxSignatureFileSize " +
+ "system property since the specified value " +
"is out of range: " + tmp);
}
- tmp = 8000000;
+ tmp = 16000000;
}
return tmp;
}

18
SPECS/java-1.8.0-openjdk.spec
View File

@ -305,7 +305,7 @@
# Define version of OpenJDK 8 used # Define version of OpenJDK 8 used
%global project openjdk %global project openjdk
%global repo shenandoah-jdk8u %global repo shenandoah-jdk8u
%global openjdk_revision jdk8u392-b08 %global openjdk_revision jdk8u402-b06
%global shenandoah_revision shenandoah-%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define IcedTea version used for SystemTap tapsets and desktop files # Define IcedTea version used for SystemTap tapsets and desktop files
%global icedteaver 3.15.0 %global icedteaver 3.15.0
@ -351,7 +351,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 3 %global rpmrelease 2
# Settings used by the portable build # Settings used by the portable build
%global portablerelease 1 %global portablerelease 1
%global portablesuffix el8 %global portablesuffix el8
@ -1562,8 +1562,6 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch Patch581: jdk8257794-remove_broken_assert.patch
# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
Patch2000: jdk8312489-max_sig_default_increase.patch
############################################# #############################################
# #
@ -1986,8 +1984,6 @@ pushd %{top_level_dir_name}
%patch1000 -p1 %patch1000 -p1
# cacerts patch; must follow FIPS patch as it also alters java.security # cacerts patch; must follow FIPS patch as it also alters java.security
%patch539 -p1 %patch539 -p1
# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381
%patch2000 -p1
popd popd
# RPM-only fixes # RPM-only fixes
@ -2877,6 +2873,16 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Thu Jan 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b06-0.2.ea
- Update to shenandoah-jdk8u402-b06 (GA)
- Update release notes for shenandoah-8u402-b06.
- Sync NEWS with vanilla branch version.
- Sync the copy of the portable specfile with the latest update
- Drop local copy of JDK-8312489 which is now included upstream
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
- Resolves: RHEL-17918
- Resolves: RHEL-20987
* Mon Oct 16 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-3 * Mon Oct 16 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-3
- Revert jcmd move as jcmd will not operate without tools.jar - Revert jcmd move as jcmd will not operate without tools.jar
- Related: RHEL-13605 - Related: RHEL-13605